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Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

Listing of Claims: 

1-7. (Canceled) 

8. (Currently Amended) A network device for implementing Internet 
Protocol Security, comprising: 

at least one Internet Protocol forwarder (IPFW) arranged to receive IP 
packets, each IP packet being associated with a Security Association (SA), the at least 
one IP forwarder is further arranged to determine the destination of each IP packet and 
to forward each IP packet to its destination; 

a plurality of security procedure modules coupled to the at least one IP forwarder 
and arranged to implement security procedures for received IP packets in parallel: and 

a security controller arranged to allocate negotiated SAs among the security 
procedure modules and to notify the security procedure modules and the at least one IP 
forwarder of the allocation, whereby the at least one IP forwarder can send IP packets 
to the security procedure module implementing the associated SA. 

9. (Previously Presented) A device according to claim 8, wherein the 
security procedure modules are coupled together to allow the forwarding of an IP packet 
from one security procedure module to another. 

10. (Previously Presented) A device according to claim 8, wherein the 
security controller is responsible for creating and modifying IP packet filters in the at 
least one IP forwarder, and the filters are responsible for routing IP packets to the 
security procedure modules. 
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11. (Currently Amended) A device according to claim 10, wherein the filtering of 
packets is carried out using at least one selector, the at least one selector being the 
Security Parameter Index (SPI), which is contained in the header of the IP packets and 
which identifies a SA and which is conta i ned i n a head e r of th o IP pack e ts . 

12. (Previously Presented) A device according to claim 8, wherein the 
security controller is coupled to an Internet Key Exchange (IKE) module which is 
responsible for negotiating SAs with peer IKE modules, and the security controller is 
arranged to receive from the IKE module details of negotiated SAs. 

13. (Previously Presented) A device according to claim 8, wherein at least 
one of the at least one IP forwarder, security procedure modules, and security controller 
are implemented in at least one of software, hardware, and a combination of hardware 
and software. 

14. (Previously Presented) A method of processing IP packets at a 
network device, the method comprising the steps of: 

allocating negotiated Security Associations (SAs) among a plurality of security 
procedure modules arranged to implement security procedures for received IP packets; 

notifying the security procedure modules and at least one IP forwarder of said 
allocation; and 

receiving IP packets at the at least one IP forwarder, identifying the SAs 
associated with the packets, and forwarding the packets to the security procedure 
modules implementing the associated SAs. 

15. (New) The method according to claim 14, wherein the security procedure 
modules are coupled together to allow the forwarding of an IP packet from one security 
procedure module to another. 
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